Is your car just another hackable code?


Imagine this: you are driving home after a long day and suddenly the radio station starts changing itself, the accelerator acts erratically and you are no longer in control of the wheel. Sounds ghostly, right? Well, there are no ghosts, just a hacker controlling your car as if in a video game, only because he wanted to find out if he could turn a regular car into an NFS Mustang!

Some time back, a similar hacking case caught everyone's eye when two white-hat hackers remotely killed the transmission of a Jeep Cherokee during a hacking experiment. This led to the company recalling as many as 1.4 million vehicles. In that moment, the possibility of car hacking became real to the world!

Today's cars are packed with hundreds of electronic controllers, computing power, lines of code and wireless connections, all tethered to the outside world. As researchers forecast, this combination of new car features and aftermarket devices could mean nearly 152 million actively connected cars on global roads by 2020 and more than two billion connected cars by 2025.

Such booming markets and the technical complexity of connected vehicles have opened new gateways for hackers to enter the car and pose a greater threat to vehicle safety and security, besides causing enormous damage to users and tainting the carmaker's brand.

Additionally, these constant developments in vehicle computerisation have not only made our vehicles dependent on software and firmware, but also susceptible to software-based threats like malware, ransomware and other malicious code.

For instance, the Electronic Control Unit (ECU) is an embedded device that runs on various operating systems and controls critical functions inside the vehicle, such as steering, brakes, acceleration, transmission, suspension and engine control. And just like any other software or firmware-based device, this embedded device has weaknesses that can be easily exploited, making it an easy target.

The automotive processors that generate, process, exchange and store massive amounts of sensitive data are another attractive target for hackers and create the need for high-level security.

To protect these in-vehicle networks against unauthorised manipulation and theft of data, it is important to reconsider the security architecture of the networks separating the various domains inside a vehicle. The code and data that reside in the network need strong encryption and authentication to ensure the car is securely communicating with known and trusted entities only.

This need for a robust security architecture, which is not only compatible with the vehicle's hardware but also closes off the possibility of loopholes, is further accentuated as we advance toward autonomous driving.

Considering that the risks associated with hacking autonomous and connected vehicles are high, the lifecycle management mechanism should be front of mind for manufacturers. This mechanism allows controlled lockdown of some of the controller and processor features.

For example, debug and serial download are essential features during vehicle development and manufacturing, but they could prove to be invaluable tools for hackers if they were accessible on production vehicles. So, if lifecycle management is carried out right from the start, the chances of a security breach are lower.
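One way to model this lockdown, as an added example that is not code from the article or from any vendor's product: the stage names, the fuse layout and the function names are assumptions. The lifecycle stage lives in a simulated one-time-programmable fuse word, so the device can only move towards a more locked stage, and debug and serial download stop being reachable once it is in the field.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stage names, ordered from most open to most locked. */
typedef enum { LC_DEVELOPMENT, LC_MANUFACTURING, LC_IN_FIELD, LC_STAGE_COUNT } lc_stage_t;
typedef enum { FEAT_DEBUG, FEAT_SERIAL_DOWNLOAD, FEAT_COUNT } lc_feature_t;

/* Simulated one-time-programmable fuse word: bits can be set, never cleared. */
static uint8_t lc_fuses;

static void fuse_burn(uint8_t mask) { lc_fuses |= mask; }

/* Bit 0 burned = manufacturing; any higher bit burned = in field.
 * A stray higher bit therefore resolves to the most locked stage. */
lc_stage_t lc_current(void) {
    if (lc_fuses >> 1) return LC_IN_FIELD;
    return lc_fuses ? LC_MANUFACTURING : LC_DEVELOPMENT;
}

/* Advance one way only; a request to stay put or go back is refused. */
bool lc_advance(lc_stage_t target) {
    if (target >= LC_STAGE_COUNT || target <= lc_current()) return false;
    fuse_burn((uint8_t)(1u << (target - 1)));
    return true;
}

/* Last stage at which each feature is still reachable (assumed policy,
 * following the article: needed in development and manufacturing only). */
static const lc_stage_t last_allowed[FEAT_COUNT] = {
    [FEAT_DEBUG] = LC_MANUFACTURING,
    [FEAT_SERIAL_DOWNLOAD] = LC_MANUFACTURING,
};

/* Default deny: a feature id outside the table is never enabled. */
bool lc_feature_enabled(lc_feature_t feat) {
    if ((unsigned)feat >= (unsigned)FEAT_COUNT) return false;
    return lc_current() <= last_allowed[feat];
}

int main(void) {
    printf("development: debug=%d\n", lc_feature_enabled(FEAT_DEBUG));
    lc_advance(LC_IN_FIELD);
    printf("in field: debug=%d serial=%d rollback=%d\n",
           lc_feature_enabled(FEAT_DEBUG),
           lc_feature_enabled(FEAT_SERIAL_DOWNLOAD),
           lc_advance(LC_DEVELOPMENT));
    return 0;
}
```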

The automotive industry can learn from the evolution of security in both traditional and other embedded device verticals. There is a theoretically infinite number of vulnerabilities in any firmware and software for hackers to depend on. As defenders, vehicle manufacturers need to spot even the smallest of these vulnerabilities and patch them, one at a time.

However, new patches alone cannot offer a definite solution each time. First, the new patch may itself contain new vulnerabilities or may fail to fully address the underlying cause. Second, and more prominently, we do not want a future where we apply dozens, hundreds or even thousands of patches a year.

So, what do we need? While no single solution can prevent all the attacks, a well-designed defence war plan and in-depth strategy will be critical. To prevent such security failures, firewalls will be paramount. Though many useful firewalls of defences exist today, the three crucial ones are:

With the move towards connected and autonomous vehicles, the car industry must handle new challenges and risks. And as our dependence on software continues to grow, a common platform of hardware and software is critical to meet the growing complexity and offer automakers more flexibility to fix security vulnerabilities after the car hits the road – without a costly recall.

DISCLAIMER: The views expressed are solely of the author and ETAuto.com does not necessarily subscribe to it. ETAuto.com shall not be responsible for any damage caused to any person/organisation directly or indirectly.

Sanjay Gupta is the Vice President and India Country Manager at NXP India. He is responsible for leading NXP's business in India and ensuring local compliance with government and corporate programs and policies.